// Trust & Security Report
Hugging Face, Inc. (Gradio is open-source framework maintained by Hugging Face)
Gradio is an open-source Python library for building and deploying machine learning interfaces. Supports local deployment, Hugging Face Spaces hosting, share links (via gradio.live), and self-hosted options.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on blog.trailofbits.com“Gradio 5 underwent a third-party security audit by Trail of Bits in 2024. Verbatim from the Trail of Bits report: 'Our review uncovered eight high-severity issues in Gradio 5 before its release, including vulnerabilities in the Gradio-deployed infrastructure.' Trail of Bits also states: 'Following a post-audit fix review, we are confident that all reported issues have been sufficiently addressed and do not pose a risk to Gradio 5, the newest version of Gradio released on October 9, 2024.' The audit examined the Gradio server and the share-link (frp) infrastructure.”
> Show 5 unconfirmed / not-held certifications
source: huggingface.coHugging Face (parent company/host) is SOC 2 Type 2 certified; Gradio itself does not hold this certification independently. When deployed on Hugging Face Spaces, benefits from parent company certification, but no public evidence Gradio framework holds its own SOC 2.
source: huggingface.coNo public evidence of ISO 27001 certification for Gradio or Hugging Face found in security documentation.
source: huggingface.coHugging Face (parent/host) is GDPR compliant and offers DPA through Enterprise plans. Gradio itself as open-source framework has no independent GDPR compliance claim. Deployment GDPR status depends on hosting choice (Hugging Face Spaces vs self-hosted).
source: huggingface.coNo public evidence of HIPAA compliance for Gradio or parent company Hugging Face in publicly available documentation.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Depends on deployment: Hugging Face Spaces uses US-based infrastructure; self-hosted deployments are region-agnostic
No evidence found that Gradio trains on customer data. Open-source library with option to self-host or use Hugging Face Spaces. If using Hugging Face Spaces, customer data would be subject to Hugging Face terms, which do not train on user app data unless explicitly opted into.
// Security controls
Encryption in Transit
TLS encryption used for Share links via secure TLS tunnel to gradio.live server
gradio.appFile Access Control
Configurable file access restrictions via allowed_paths and blocked_paths parameters; hidden files (starting with .) not cached; arbitrary path access prevented
gradio.appShare Link Timeout
Official Gradio share links expire after 72 hours; enterprise deployments can self-host FRP server for longer running links
gradio.appAuthentication
Gradio supports OAuth via Hugging Face; built-in authentication layer is basic - lacks MFA, rate limiting, and automatic lockout policies for security-critical applications
gradio.appVulnerability Disclosure
Security vulnerabilities reported to gradio-team@huggingface.co; team commits to immediate patching and credits reporters
github.comSecurity Testing
Gradio 5 integrated Semgrep and CodeQL security testing into CI/CD; fuzz testing implemented for critical functions; GitHub Actions security hardening
huggingface.co// Products & data scope
data: Local: all data stays on developer's machine. Share links: data transits through gradio.live server (TLS encrypted, 72-hour retention). Hugging Face Spaces: data processed by Hugging Face infrastructure.
Available via pip install; no licensing restrictions; commonly used for ML prototyping and demos
data: Data processed and stored on Hugging Face US-based infrastructure. Subject to Hugging Face privacy policy and security posture.
Free tier available; auto-scaling; shareable URLs; subject to Hugging Face SOC 2 Type 2 and GDPR compliance
data: Local app exposed via secure TLS tunnel; data transits through Gradio's server but doesn't persist; 72-hour expiration
Free ephemeral sharing; no account required; not suitable for production; limited to 72 hours
data: All data stays on customer's infrastructure; no vendor data access
Full control over data, encryption, access; requires customer infrastructure management; FRP server can be self-hosted for custom domains
// What to watch
- CONFLATION CORRECTED (prior draft): gradio.curated.co/privacy (last updated May 14, 2018) is the privacy policy of Curated Software, the newsletter platform that hosts the Gradio email newsletter, NOT the Gradio ML library. The open-source Gradio library has no standalone product privacy policy; data handling is governed by the deployment choice (Hugging Face privacy policy for Spaces and gradio.live share links, or the operator for self-hosted). The '2018 outdated policy' concern does not apply to the product and has been removed.
- Cert ambiguity: Hugging Face holds SOC 2 Type 2 and GDPR compliance, but Gradio (the open-source framework itself) makes no independent certification claims. Users must distinguish between Gradio library vs. Hugging Face Spaces hosting.
- No DPA or BAA directly from Gradio: DPA and BAA available through Hugging Face Enterprise plans only, not native to Gradio library.
- Open-source project: As an open-source library, Gradio itself does not undergo the same formal compliance audits as commercial SaaS products. Security posture depends heavily on deployment choice (self-hosted vs. Hugging Face Spaces).
- Share link limitations: Official gradio.live share links expire after 72 hours and are not suitable for persistent public deployments.
- Basic authentication: Gradio's built-in authentication is basic and lacks security controls like MFA, rate limiting, and automatic lockout - developers must implement additional auth for security-critical apps.
- Multiple security vulnerabilities found in Trail of Bits 2024 audit but were all remediated before Gradio 5 release.
// At a glance
Pricing model
Open source (free); Hugging Face Spaces has free tier and paid tiers; self-hosted is free (infrastructure costs borne by customer)
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Hugging Face, Inc. (Gradio is open-source framework maintained by Hugging Face)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
huggingface.co